SANS ISC InfoSec Forums

Yesterday, we reported on a new Windows kernel vulnerability [1]. It affects every version of Windows from NT 3.51 through Windows 7 unless 16-bit application support is disabled. If exploited, the vulnerability allows a local user to escalate privileges.

Today, Microsoft released an official response in the form of a Security Advisory [2]. The advisory (KB Article 979682) states that Microsoft is investigating the report and is not aware of any attacks exploiting the vulnerability.

According to Microsoft's list of vulnerable and non-vulnerable systems, 64-bit versions of Windows are not vulnerable, but 32-bit versions are. This is largely because 64-bit Windows does not include the vulnerable feature: the NTVDM subsystem that provides 16-bit application compatibility.

The workaround outlined in Microsoft's advisory matches the one proposed in yesterday's report [1]: disable access to 16-bit applications. This should work well for the vast majority of systems, but be aware that the feature exists for a reason. Some old (very old) applications do require 16-bit support, in particular old custom software and the control software for odd hardware configurations. A standard office desktop should not require any 16-bit applications. As always: test first.
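As an added example (not part of the diary and not Microsoft's own tooling), the PowerShell script below does the "test first" part and then applies or reverts the workaround on a 32-bit host: it reports any ntvdm.exe processes currently running, scans for executables that are not PE images (plain DOS or Win16 NE binaries, which need NTVDM), and only writes the registry value when asked to. The registry value (VDMDisallowed = 1 under HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat) is the one from Microsoft's advisory and is what the Group Policy setting "Prevent access to 16-bit applications" writes; the scan roots, the -Apply/-Revert switch names and the header-classification logic are this example's own assumptions.

```powershell
<#
  Added example, not from the ISC diary or from Microsoft.
  Checks a 32-bit Windows host for 16-bit programs in use, then applies or
  reverts the Security Advisory 979682 workaround:
    HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat, DWORD VDMDisallowed = 1
  (the same value the Group Policy "Prevent access to 16-bit applications" sets).
  Scan roots and switch names are this script's own choices.
  Run from an elevated PowerShell prompt.
#>
param(
    [switch]$Apply,     # write VDMDisallowed = 1 (block 16-bit applications)
    [switch]$Revert,    # remove the value again (restore 16-bit support)
    [string[]]$ScanRoots = @("$env:SystemDrive\Program Files")   # assumed roots
)

$AppCompatKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat'
$ValueName    = 'VDMDisallowed'

function Test-Is64BitWindows {
    # 64-bit Windows ships without NTVDM, so the workaround does not apply there.
    ($env:PROCESSOR_ARCHITECTURE -eq 'AMD64') -or ($env:PROCESSOR_ARCHITEW6432 -eq 'AMD64')
}

function Get-ExecutableKind {
    # Classify an .exe by its header. Only PE images are 32/64-bit code; any
    # other 'MZ' file (plain DOS or Win16 NE) needs NTVDM to run.
    param([Parameter(Mandatory = $true)][string]$Path)
    $b = [System.IO.File]::ReadAllBytes($Path)
    if ($b.Length -lt 0x40 -or $b[0] -ne 0x4D -or $b[1] -ne 0x5A) { return 'not an MZ executable' }
    # e_lfarlc (offset 0x18) >= 0x40 means e_lfanew (offset 0x3C) points at a newer header.
    if ([BitConverter]::ToUInt16($b, 0x18) -lt 0x40) { return 'DOS (16-bit)' }
    $lfanew = [BitConverter]::ToInt32($b, 0x3C)
    if ($lfanew -lt 0x40 -or ($lfanew + 4) -gt $b.Length) { return 'DOS (16-bit)' }
    switch ([System.Text.Encoding]::ASCII.GetString($b, $lfanew, 2)) {
        'PE'    { 'PE (32/64-bit)' }
        'NE'    { 'Win16 NE (16-bit)' }
        default { 'non-PE image (review)' }
    }
}

function Find-16BitExecutables {
    # Walk the scan roots and return every .exe that is not a PE image.
    param([string[]]$Roots)
    Get-ChildItem -Path $Roots -Recurse -Include *.exe -ErrorAction SilentlyContinue |
        ForEach-Object {
            $kind = Get-ExecutableKind -Path $_.FullName
            if ($kind -ne 'PE (32/64-bit)' -and $kind -ne 'not an MZ executable') {
                New-Object PSObject -Property @{ Path = $_.FullName; Kind = $kind }
            }
        }
}

function Get-WorkaroundState {
    # $true when VDMDisallowed = 1 is present, i.e. 16-bit applications are blocked.
    $v = Get-ItemProperty -Path $AppCompatKey -Name $ValueName -ErrorAction SilentlyContinue
    ($v -ne $null) -and ($v.$ValueName -eq 1)
}

function Set-Workaround {
    param([bool]$Enabled)
    if ($Enabled) {
        if (-not (Test-Path $AppCompatKey)) { New-Item -Path $AppCompatKey -Force | Out-Null }
        Set-ItemProperty -Path $AppCompatKey -Name $ValueName -Value 1 -Type DWord
    } elseif (Test-Path $AppCompatKey) {
        Remove-ItemProperty -Path $AppCompatKey -Name $ValueName -ErrorAction SilentlyContinue
    }
}

# --- main: report first, change only when asked ---
if (Test-Is64BitWindows) { Write-Host 'x64 Windows: no NTVDM, not affected.'; return }

$running = @(Get-Process -Name ntvdm -ErrorAction SilentlyContinue)
if ($running.Count -gt 0) {
    Write-Warning "ntvdm.exe is running now ($($running.Count) instance(s)): 16-bit code is in use on this host."
}

$found = @(Find-16BitExecutables -Roots $ScanRoots)
if ($found.Count -gt 0) {
    Write-Warning "Found $($found.Count) executable(s) that would stop working with the workaround:"
    $found | Format-Table -AutoSize
} else {
    Write-Host "No 16-bit executables found under: $($ScanRoots -join ', ')"
}

Write-Host ("Workaround currently applied: {0}" -f (Get-WorkaroundState))
if ($Apply)  { Set-Workaround -Enabled $true;  Write-Host 'VDMDisallowed=1 set; 16-bit applications are now blocked.' }
if ($Revert) { Set-Workaround -Enabled $false; Write-Host 'VDMDisallowed removed; 16-bit support restored.' }
```

Run it with no switches first to see what would break, then with -Apply (and -Revert to undo). The policy value blocks new 16-bit launches rather than killing anything already running, which is why ntvdm.exe instances are reported separately; a hit from the scan is not automatically a problem, but each one should be checked against what the machine actually needs before the value is set, per the "test first" advice above.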

For the love of god, isn't it time MS stopped supporting this old crap? Yes, they're scared of losing customers, but they're just as likely to lose them with stuff like this - fixing holes in 20-year-old code!

Ditto here. We still use an old version of Ultra Master for control of the drive motor servos on one of our printing presses here at work. The cost outweighs the need to stay up to date. We have to support an old Windows 95 machine. It's on a segmented network with only specific TCP access in/out for exactly what we need.